
While using MQTT over Websockets via mosquitto as a broker, how do I limit connections to a particular set of origins?


I have a mosquitto mqtt broker server set up, and the setup is currently working.

The problem, however, is that any origin can currently connect to my instance over websockets, which causes a security issue.

How do I limit that to a set of origins? I could not find anything in the documentation regarding this.


Solution

  • This is no different to native MQTT.

    You have 3 options:

    1. Enable authentication and set up an ACL so only authenticated clients can connect (set allow_anonymous false and either set up a password file or add the authentication plugin in the config file)

    2. Set up a firewall to drop connections from unknown hosts

    Edit

    3. Use nginx to proxy for mosquitto and use this to enforce origin rules before the upgrade. (I've not tried this yet but it should work)
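
A sketch of the nginx approach from the last option, added here as an example and not part of the original answer. The hostnames, certificate paths, the /mqtt path and the loopback port 9001 are assumptions; it presumes mosquitto's websockets listener is bound to 127.0.0.1 so that clients cannot bypass the proxy.

```nginx
# Goes in the http {} context. Example values throughout (assumptions).

# Map the browser-supplied Origin header to an allow flag.
# Exact string matches only; anything else, including a missing
# Origin header, falls through to the default and is rejected.
map $http_origin $origin_allowed {
    default                      0;
    "https://app.example.com"    1;
    "https://admin.example.com"  1;
}

server {
    listen 443 ssl;
    server_name mqtt.example.com;                      # placeholder

    ssl_certificate     /etc/nginx/tls/fullchain.pem;  # placeholder path
    ssl_certificate_key /etc/nginx/tls/privkey.pem;    # placeholder path

    location /mqtt {
        # Reject before the request is proxied, so the WebSocket
        # upgrade never reaches the broker for a disallowed origin.
        if ($origin_allowed = 0) {
            return 403;
        }

        # Assumed mosquitto config on the same host:
        #   listener 9001 127.0.0.1
        #   protocol websockets
        #   allow_anonymous false
        proxy_pass http://127.0.0.1:9001;

        # Required for the WebSocket upgrade handshake to pass through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;

        # MQTT connections are long-lived; keep this above the
        # clients' keepalive interval so idle sockets are not cut.
        proxy_read_timeout 300s;
    }
}
```

The Origin header is set by browsers, and a non-browser client can send any value it likes, so this check limits which web pages can open the socket rather than who can connect. Keep broker authentication and ACLs (option 1) enabled alongside it.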